1 / 19

Introduction to InfoSec – SQLI and jQuery (R9)

Introduction to InfoSec – SQLI and jQuery (R9). Nir Krakowski ( nirkrako at post.tau.ac.il) Itamar Gilad ( itamargi at post.tau.ac.il). Covered material. Useful SQL Tools SQL Injection over-view. More on SQL Injection Mass Code Reverse Engineering Javascript/ Jquery primer.

kennan
Télécharger la présentation

Introduction to InfoSec – SQLI and jQuery (R9)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to InfoSec – SQLI and jQuery (R9) NirKrakowski (nirkrako at post.tau.ac.il) ItamarGilad (itamargi at post.tau.ac.il)

  2. Covered material • Useful SQL Tools • SQL Injection over-view. • More on SQL Injection • Mass Code Reverse Engineering • Javascript/Jquery primer.

  3. Useful SQL Tools • phpMyAdmin • Mysql

  4. SQLI • What is SQL Injection ? • Exploitation of string sanitation failure to make manipulated database queries by means of SQL (Structured Query Language). • SQLI can be used for: • Information Leak • Modification of DB. • Bypassing of authentication checks • Hacking the underlaying OS. • Not limited to HTTP(S) Requests, but most common there. Anything that uses SQL queries may be vulnerable.

  5. SQL • SQL is not a completely generic language. • There are special modifications per DB manufacturer • We will concentrate on mysql – open source very commonly in use DB.

  6. Useful SQL Commands • Mysql commands: • Connect dbname • Show tables • Show columns from tablename;

  7. SELECT • Explanation by example: • SELECT * FROM TABLENAME; • SELECT FieldName1, FieldName2 FROM TABLENAME; • SELECT 1;

  8. CONCAT & AS • SELECT CONCAT(‘1’,’2’); • SELECT CONCAT (username, ‘/’, password) as username FROM some_user_table; • SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE version=10;

  9. UNION • SELECT username, password FROM TABLENAME WHERE USER username UNION SELECT 1,2; • Field count must match. • Examples: • SELECT * FROM USERS WHERE username = '1' UNION SELECT 1,2; -- Will not work, because number of fields doesn’t match. • SELECT * FROM USERS WHERE username = '1' UNION SELECT 1,2,3; -- will return one row with values 1,2,3, because no username named ‘1’ exists.

  10. Accessing Underlying OS • SELECT LOAD_FILE('/etc/passwd'); • SELECT * FROM TBL INTO OUTFILE ‘/tmp/asd’;

  11. Good Source for SQLI Info • https://en.wikipedia.org/wiki/SQL_injection • http://www.websec.ca/kb/sql_injection

  12. Code Browsing with Source Insight • Source based “RE”. • Target: Quickly come up with a location in the code that handles a specific function. • http://www.sourceinsight.com • Simple, yet fastest Editor out there for handling massive amounts of code. • Need to manually fix it to work with PHP: • http://blog.sina.com.cn/s/blog_4e7453df010111v7.html • Easy scroll through code. • Ctrl-/ - Search the database for pre-parsed words. • Ctrl+Left-Mouse-Click on a word, follow link to definition.

  13. Code browsing demo • Let’s browse elgg. • . • . • WAIT Let’s look at the interface first!! What is elgg? • User: neo0 Password: neoqwerty • Now let

  14. Javascript and JQuery • Javascript allows to make create callbacks from the DOM and modify settings in the DOM (Document Object Model). • Furthermore AJAX allows creating dynamic web pages using HTTP Queries sent to the server from within the javascript (originally named DHTML) • This was created to alleviate the need for page refreshing (horrible).

  15. Firebug/Chrome Developer Tools • Firebug is a Web client-side developer tool. • Can be used as a Javascript interpreter. • Can be used to make on-the-fly modifications to the DOM. • Can be used to understand outgoing/incoming HTTP headers/data of response and request. • Browse and modify CSS Styling

  16. Firebug • Important functions: • Net View. • Console • Elements • Using inspect element we can locate items from the screen on the DOMvery easily.

  17. jQuery • jQuery is the most popular Javascript library used in the wild. • $$$$$ - $ is used for quick access to the DOM. • $(“body”)[0].ondrag= function () { alert("Hello, World!"); } • $(“#itemid”).remove() • $(“div”). css(‘color’, ‘red’).show() • Quick Primer: • http://dotnetslackers.com/articles/ajax/JQuery-Primer-Part-1.aspx

  18. Example • [Remove commercial from screen using Element viewer and jQuery]

  19. Appendix A • Passwords for the DB: • l/p: elgg/elggp4ss • l/p: root/mysql_root_passwd

More Related